On Sat, 5 Jun 2021 11:28:52 +0200, Gert Doering <g...@greenie.muc.de> wrote:
>On Fri, Jun 04, 2021 at 10:23:07PM +0200, Bo Berglund wrote: >> Now I have made further tests and the failure pattern is repeatable: >> - Connect one client >> - Now the other clent cannot connect >> - Disconnect the first client >> - The second client cannot connect still >> - Now the first client also cannot connect anymore >> - Wait an as yet unspecified time in the range of 4-5 minutes or so >> - Now either of the two clients can connect. > >My gut feeling points to the NAT box. Especially if it "heals" itself >after a few minutes. > >Not sure why that box would get into "I can only have one session to >1193" stuck mode, but it very much looks like it. > >You could move the server to 1193, and avoid the port translation on >the NAT box. > >gert While the GMane news service was down over the week-end (or possibly the actual openvpn-users mail list) I was also starting to think that something with the port number translation could be afoot here. Since I have a company OpenVPN server also available I added a new user to that for no-password login (in the ovpn file) and then used that server to check if it would work. It does not use port number change in the port forward rules... And it did work! So something at my test site router is not working correctly. Now I have confirmed this by reconfiguring the port forward rules on the test server so the incoming port number is also used on the ovpn server device. I had to modify the openvpn server ports to be the same as on the router port forward incoming of course. After a router and openvpn restart it now works as it should! So your suggestion was spot on! Much obliged, thank you! -- Bo Berglund Developer in Sweden _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
